Sen. Wyden Confirms Cell-Site Simulators Disrupt Emergency Calls

Deeplinks Blog | Mon, 08/27/2018 - 21:05

Sen. Ron Wyden has sent a letter to the U.S. Department of Justice concerning disruptions to 911 emergency services caused by law enforcement’s use of cell-site simulators (CSS, also known as IMSI catchers or Stingrays). In the letter, Sen. Wyden states that:

Senior officials from the Harris Corporation—the manufacturer of the cell-site simulators used most frequently by U.S. law enforcement agencies—have confirmed to my office that Harris’ cell-site simulators completely disrupt the communications of targeted phones for as long as the surveillance is ongoing. According to Harris, targeted phones cannot make or receive calls, send or receive text messages, or send or receive any data over the Internet. Moreover, while the company claims its cell-site simulators include a feature that detects and permits the delivery of emergency calls to 9-1-1, its officials admitted to my office that this feature has not been independently tested as part of the Federal Communication Commission’s certification process, nor were they able to confirm this feature is capable of detecting and passing-through 9-1-1 emergency communications made by people who are deaf, hard of hearing, or speech disabled using Real-Time Text technology.

Researchers of CSS technology have long suspected that using such technologies, even professionally designed and marketed CSS’s, would have a detrimental effect on emergency services, and now—for the first time—we have confirmation.

It is striking, but unfortunately not surprising, that law enforcement has been allowed to use these technologies and has continued to use them despite the significant and undisclosed risk to public safety posed by disabling 911 service, not to mention the myriad privacy concerns related to CSS use. What’s more, a cell-site simulator wouldn’t just disrupt service for the specific person or persons being tracked but would likely disrupt service for every mobile device in the area as it tricks every phone in the area into connecting to the fake base station in search of the target phone. This could be especially dangerous during a natural disaster when IMSI catchers are being used to locate missing persons in damaged buildings or other infrastructure, cutting off 911 service at a time like that could be a grave danger to others trapped in dangerous situations.

Harris Corporation claims that they have the ability to detect and deliver calls to 911, but they admit that this feature hasn’t been tested. Put bluntly, there is no way for the public or policy makers to know if this technology works as intended. Thanks to the onerous non-disclosure agreements that customers of Harris Corp and other CSS vendors’ customers have regularly been required to enter into there is very little public information about how CSS work and what their capabilities are. Even if a security researcher did audit a CSS, the results would be unlikely to ever see the light of day.

Furthermore, even if Harris’ technology works the way they claim it does, they are far from the only manufacturer of CSS devices. There are several other companies that manufacture such technology and we know even less about the workings of their technologies or whether they have any protections against blocking 911 calls. Cell-site simulators are now easy to acquire or build, with homemade devices costing less than $1000 in parts. Criminals, spies, and anyone else with malicious intent could easily build a CSS specifically to disrupt phone service, or use it without caring whether it disrupts 911 service.

The only way to stop the public safety and public privacy threats that cell-site simulators pose is to increase the security of our mobile communications infrastructure at every layer. All companies involved in mobile communications from the network layer (AT&T, T-Mobile, Verizon, etc.) to the hardware layer (Qualcomm, Samsung, Intel), to the software layer (Apple, Google) need to work together to ensure that our cellular infrastructure is safe, secure, and private from attacks by spys, criminals, and rogue law enforcement. For their part, policymakers such as Sen. Wyden can help by continuing to provide transparency on how IMSI catchers work and are used, and funds to upgrade our aging cellular infrastructure.